Unprotected S3 Cloud Bucket Exposed 100GB of Classified NSA Data

Another day another massive trove of sensitive NSA data exposed online – This time, security firm UpGuard’s Cyber Risk team has identified yet another unsecured AWS (Amazon Web Service) S3 cloud storage bucket containing sensitive, confidential data that belongs to the joint command of National Security Agency (NSA) and US Defense Department called the United States Army Intelligence and Security Command (INSCOM).

The server was discovered on September 27th, 2017 by the Director of Cyber Risk Research at UpGuard, Chris Vickery. The bucket is configured to allow public access to exclusive intelligence information gathered by INSCOM for political leaders and US military. The repository is located at the subdomain “inscom” at AWS, and it contains around 47 viewable files and folders out of which three are downloadable as well.

The bucket’s most valuable asset is the downloadable virtual hard drive that was used for recording communications within protected federal IT environments. When opened, the drive displays confidential information titled NOFORN, which indicates that the information is highly sensitive and prohibited from being accessed by even foreign allies. Furthermore, the data bucket also includes sensitive details related to the Defense Department’s Distributed Common Ground System-Army (DCGS-A), a battlefield intelligence program, and Red Disk, the department’s cloud auxiliary.

Reportedly, the bucket contains over 100GB of classified data, and it got exposed to the public only because of adopting careless security practices. According to Vickery, anyone who gets the URL can easily access this treasure trove of valuable, sensitive data. We cannot ignore that unsecured S3 AWS buckets have caused quite an uproar across the Pentagon and US Defense Department lately as these have caused embarrassing data leakages for various governmental institutions most dominantly the NSA.

Screenshot from the exposed data (Credit: UpGuard)

The blog post from UpGuard read that this cloud leak could have been avoided it the IT-related errors were timely fixed, and much reliable security practices were implemented to ensure that such an “impactful” data repository remains protected.

“Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser. Although the UpGuard Cyber Risk Team has found and helped to secure multiple data exposures involving sensitive defense intelligence data, this is the first time that classified information has been among the exposed data,” stated UpGuard’s post.

The virtual hard drive contains information about a US military project that was codenamed Red Disk. It was actually a failed cloud-based content sharing program that was developed to allow field troops easy access to intelligence data from the Pentagon in real-time.

The data was extremely sensitive as it contained drone images and satellite images too along with hashed passwords for key internal systems of the department and private keys that were provided to Third-party INSCOM defense contractors so that they could access Distributed Intelligence Systems. There are various areas the hard drive that has been marked as Top Secret.

Currently, the NSA hasn’t issued any statement in response to the findings of UpGuard, however, this is the second time in the last couple of months that UgGuard has discovered such a sensitive trove of data. Previously, the company discovered misconfigured Amazon S3 buckets containing US Military’s social media spying campaign.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.